Information regarding processing of personal data
This information will be reviewed and adapted, if necessary, in the event of a regulatory update.
1. Identity and contact details of the Data Controller
The Data Controller is GRIMA SRL with registered office in Via di Camerata, 23 50133 FLORENCE - VAT no. 03557200486 The following contact information of the Data Controller is listed:
- Telephone number: +39 055 623300
- Fax: +39 055 677628
- Email address: email@example.com
- Website: www.hotelgrifonefirenze.it
- Certified electronic mail: firstname.lastname@example.org
2. Personal data collected
a) Navigation data
The computer systems and software procedures used to operate this site acquire, in normal operation, some personal data that are then implicitly transmitted in the use of Internet communication protocols. These data are not collected to be associated with identified interested parties, but which by their nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: apart from this possibility, the data on web contacts do not persist for more than seven days.
b) Data provided voluntarily by the user
Personal data, such as the data communicated by you through the registration on the website, on the occasion of the conclusion of contracts for the services of the Data Controller, registration and / or participation in events, or in any case voluntarily provided by you, will be collected under appropriate informative and, in the cases foreseen by the law, behind free and express consent and are inherent to: - Identification data (for example: name, surname, address, telephone, fax, email, bank details, payment etc ...); - Tax data (if required by law, for example: tax code, VAT number, etc); - Particular data as per art. 9 GDPR; - Judicial data pursuant to art. 10 GDPR.
c) Personal data entered in the reserved area
The collected data (for example: name and surname, company name, VAT number, address, telephone number, fax number, e-mail address), object of the treatment, let us know through the website in order to register with the portal and access the reserved area, will be used for the sole purpose of providing the services offered through access to the reserved area itself on the site, in full compliance with the right to privacy and protection of personal data, the principle of fairness and the provisions of law in the field.
e) Plugin Social Network
3. Purposes and methods of treatment
The purposes of processing personal data are as follows:
a) Compliance with legal obligations related to the contractual relationship;
b) Organizational management of the contractual relationship ;
c) Allow browsing and consultation of the www.hotelgrifonefirenze.it website ;
d) Respond to requests for assistance or information that the Data Controller will receive via e-mail, telephone or chat through the application or through the appropriate form ;
e) Statistical analysis of the service provided ;
f) Obtaining legal, accounting and tax obligations ;
g) For the exclusive purpose of security and prevention of fraudulent conduct, the holder implements an automatic control system that involves the detection and analysis of user behavior on the site associated with the processing of personal data including the IP address;
h) Electronic payments and management of customer billing history;
i) Pursuant to art. 7 EU Regulation 2016/679, your data will be processed for the following marketing purposes: communication via e-mail, mail and / or text messages and / or telephone contacts, newsletters, commercial communications and / or advertising material on products or services offered from the Data Controller or surveys of the degree of satisfaction with the quality of the services; send them via e-mail, mail and / or sms and / or telephone contacts commercial communications and / or advertising material on products or services offered by third parties (for example, business partners).
The processing of your personal data is carried out by means of the operations indicated in art. 4 n. 2) EU Regulation 2016/679 and precisely: collection, registration, organization, structuring, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are not subject to disclosure, with the exception of cases expressly provided for by law, or to any fully automated decision making process, including profiling. Personal data will be processed in paper form, computerized and telematic, with logic strictly related to the same purposes also through the use of fax, telephone, mobile phone, e-mail or other remote communication techniques; personal data will be entered in the relevant databases to which only the Data Controller and its representatives will be able to access. Personal data will be managed by implementing appropriate technical and organizational measures to guarantee a level of security appropriate to the risk pursuant to art. 32 EU Regulation 2016/679.
4. Legal basis and mandatory or optional nature of the processing
The legal basis of the processing of personal data for the purposes described above is the art. 6 par. 1 lett. b) of EU Regulation 2016/679 as the treatments are necessary for the provision of the contracted services. The provision of personal data for these purposes is optional but failure to provide it would make it impossible to activate the required Services. The purposes related to legal obligations are a legitimate processing of personal data pursuant to art. 6 par. 1 lett. c) of the 2016/679 EU Regulation. Once the personal data have been transferred, the processing may indeed be necessary to comply with legal obligations to which GRIMA SRL is subject. The treatments performed for marketing and newsletter purposes described above are based on the issue of your consent pursuant to art. 6 par. 1 lett. a) of the EU 2016/679 Regulation. The provision of your personal data for these purposes is entirely optional and does not affect the use of the services. Subsequent processing, carried out for purposes of e-mail marketing on products or services similar to those purchased by you, is instead based on its legal basis, pursuant to art. 6 par. 1 lett. f) of EU Regulation 2016/679, in the legitimate interest of GRIMA SRL to promote its products or services in a context in which the interested party can reasonably expect this type of treatment, to which you can also oppose at any time. In fact, if you wish to oppose the processing of your data for these marketing purposes, you may at any time do so through its control panel, or by sending a request to GRIMA SRL at email@example.com through the mechanism proposed in the same text of the commercial email.
5. Any recipients of the data
Without the need for express consent (Article 6 letter b) and c) EU Regulation 2016/679 the holder may communicate your data for the purposes referred to in this information to: Supervisory bodies, Judicial authorities, as well as those subjects to whom the communication is mandatory by law for the accomplishment of the purposes expressed. These subjects will process the data in their capacity as independent data controllers. Your data may be made accessible for the purposes set out in this notice to employees and collaborators of the Data Controller or of the companies related to GRIMA SRL in Italy and abroad, in their capacity as authorized treatment and / or internal data processors and / or system administrators; to third-party companies or other entities that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors. Furthermore, in relation to the purposes referred to in this statement, with the exception of those specified on letter i) (marketing purposes), the data may be communicated to the following subjects or to the categories of subjects indicated below:
- Studies of recognized accountants related to the profession of assistance to companies when the communication is due by law, or is in the interest of the subject (natural or legal person);
- Studies of recognized lawyers related to the profession of assistance to companies when the communication is due by law, regularly in charge of this form of treatment in full compliance with the minimum measures in force, or when the communication is in the interest of the subject (natural or legal person ). Only if you have given a specific consent, your data may be shared with commercial partners for their separate and autonomous purposes. The Data Controller also informs that it does not intend to transfer data to a non-EU third country or to an international non-EU organization. The complete list of data processors and data processors is available, constantly updated, at the registered office of the Data Controller and can be viewed by sending a written request to GRIMA SRL to firstname.lastname@example.org
6. Data transfer
The management and storage of personal data will be carried out on servers located within the European Union of the Owner and / or third-party companies appointed and duly appointed as Data Processors. In any case, it is understood that the Data Controller, where necessary, will have the right to move the server location to Italy and / or the European Union and / or non-EU countries. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided for European Commission.
7. Data retention period
Your personal data will be processed by the Data Controller only as necessary for the pursuit of the purpose referred to in this statement. In particular, your personal data will be processed for a period of time equal to the minimum necessary, as indicated in Recital 39 of EU Regulation 2016/679, ie until the termination of the contractual relations between you and the Data Controller, without prejudice a further retention period that may be imposed by law, as also foreseen by Recital 65 of EU Regulation 2016/679. Beyond this period, personal data will be stored anonymously or destroyed.
8. Rights of the interested party
With regard to the data themselves, the interested party, or a person delegated in writing, can exercise the following rights:
- the right of access, expressly provided for by art. 15 of EU Regulation 2016/679, ie the possibility to access all personal information concerning him; - the right of rectification, expressly provided for by art. 16 of EU Regulation 2016/679, ie the possibility of obtaining the updating of inaccurate personal data concerning him without justified delay; - the right to be forgotten, expressly provided for by art. 17 of EU Regulation 2016/679, consisting of the right to cancel personal data concerning the individual concerned; - the right to limit processing when one of the hypotheses provided for by art. 18 of the 2016/679 EU Regulation; - the right to data portability, expressly provided for by art. 20 of EU 2016/679 Regulation, ie the right to obtain their data and / or the right to receive their personal data in an interoperable format to another data controller without hindrance by this Company; - the right to object to the processing of personal data, expressly provided for by art. 21 of the 2016/679 EU Regulation; - the right of withdrawal of consent at any time, expressly provided for by art. 7 of the 2016/679 EU Regulation; - the right to lodge a complaint with a supervisory authority; - the right to bring a judicial remedy in case of unlawful processing of data, even against acts taken by the Guarantor pursuant to Article 78 of the 2016/679 EU Regulation.
To exercise your rights you can contact the Data Controller at the contact points indicated in this statement.
9. Nature of the provision
The provision of personal data necessary for the provision of the services requested by the user is optional, but any failure to provide it makes it impossible to activate the services requested. With respect to the data that the owner is obliged to know in order to fulfill the obligations established by law, regulations and community legislation, or by provisions issued by Authorities legitimated by the law and by supervisory and control bodies, their failure to provide on the part of the user implies the impossibility of establishing or continuing the relationship, within the limits in which such data are necessary for the execution of the same. The provision of personal data for marketing and newsletters, as described in this statement, is entirely optional and does not affect the use of the services requested.
Finally, we inform you that if you believe that your rights have been violated by the Data Controller and / or a third party, you have the right to lodge a complaint with the Personal Data Protection Authority and / or with another competent Supervisory Authority. of the EU Regulation n. 2016/679.